I am struggling to get EC2 instances deployed via an ASG joined to the domain.
I get the following error each time:
New-SSMAssociation : Document schema version, 2.2, is not supported by association that is created with instance id
I have tried various schema versions detailed here; however, all fail with the same error.
SSMdoc.tf
resource "aws_ssm_document" "ad-join-domain" {
  name          = "ad-join-domain"
  document_type = "Command"
  content = jsonencode(
    {
      "schemaVersion" = "2.2"
      "description"   = "aws:domainJoin"
      "parameters" : {
        "directoryId" : {
          "description" : "(Required) The ID of the directory.",
          "type" : "String"
        },
        "directoryName" : {
          "description" : "(Required) The name of the domain.",
          "type" : "String"
        },
        "dnsIpAddresses" : {
          "description" : "(Required) The IP addresses of the DNS servers for your directory.",
          "type" : "StringList"
        },
      },
      "mainSteps" = [
        {
          "action" = "aws:domainJoin",
          "name"   = "domainJoin",
          "inputs" = {
            "directoryId" : data.aws_directory_service_directory.adgems.id,
            "directoryName" : data.aws_directory_service_directory.adgems.name,
            # dns_ip_addresses is already a collection; wrapping it in [] would nest it
            "dnsIpAddresses" : data.aws_directory_service_directory.adgems.dns_ip_addresses
          }
        }
      ]
    }
  )
}
template.tf
data "template_file" "ad-join-template" {
  template = <<EOF
<powershell>
Set-DefaultAWSRegion -Region eu-west-2
Set-Variable -Name instance_id -Value (Invoke-RestMethod -Uri http://169.254.169.254/latest/meta-data/instance-id)
New-SSMAssociation -InstanceId $instance_id -Name "${aws_ssm_document.ad-join-domain.name}"
</powershell>
EOF
}
The template is then referenced in the ASG Launch Template user_data section. Getting onto the instance I can see the script/logs and have confirmed the variables set (instance id for example).
Full error message from the PS running below:
New-SSMAssociation : Document schema version, 2.2, is not supported by association that is created with instance id
At C:\Windows\system32\config\systemprofile\AppData\Local\Temp\EC2Launch228430162\UserScript.ps1:3 char:5
+ New-SSMAssociation -InstanceId $instance_id -Name "ad-join-domain ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (Amazon.PowerShe...sociationCmdlet:NewSSMAssociationCmdlet) [New-SSMAs
sociation], InvalidOperationException
+ FullyQualifiedErrorId : Amazon.SimpleSystemsManagement.Model.InvalidDocumentException,Amazon.PowerShell.Cmdlets.
SSM.NewSSMAssociationCmdlet
Thank you for the assistance.
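
The error concerns how the association is targeted rather than the document content: the Systems Manager CreateAssociation API rejects the legacy instance-id form for documents with schema version 2.0 or later and expects targets instead. The following is an added example, not part of the original post, of the user-data script body creating the association with -Target; the region and document name are taken from the post, and the helper name New-DomainJoinAssociation is hypothetical.

```powershell
# Added example: create the association with -Target instead of -InstanceId.
$ErrorActionPreference = 'Stop'
Set-DefaultAWSRegion -Region eu-west-2

function New-DomainJoinAssociation {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $DocumentName,
        [Parameter(Mandatory)] [string] $InstanceId
    )

    # Only accept a value shaped like an EC2 instance id (8 or 17 hex digits),
    # so an unexpected metadata response never reaches the API call.
    if ($InstanceId -notmatch '^i-([0-9a-f]{8}|[0-9a-f]{17})$') {
        throw "Unexpected instance id value: '$InstanceId'"
    }

    # Schema 2.x documents must be associated through a target list.
    $target = @{ Key = 'InstanceIds'; Values = @($InstanceId) }
    New-SSMAssociation -Name $DocumentName -Target $target
}

$instanceId = Invoke-RestMethod -Uri http://169.254.169.254/latest/meta-data/instance-id

try {
    # 'ad-join-domain' is the document name from the post; inside the Terraform
    # template it would be interpolated from aws_ssm_document.ad-join-domain.name.
    $assoc = New-DomainJoinAssociation -DocumentName 'ad-join-domain' -InstanceId $instanceId
    Write-Output "Created association $($assoc.AssociationId) for $instanceId"
}
catch {
    # Surface the failure in the EC2Launch user-data log, then fail the script.
    Write-Error "Association failed: $($_.Exception.Message)"
    throw
}
```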